On 22 Mar 2016, at 23:30, Nathan Freitas <nathan@freitas.net> wrote:

On Mon, Mar 21, 2016, at 02:16 PM, Tim Wilson-Brown - teor wrote:
Just a heads' up that tor 0.2.8 includes a fallback directory mirrors
feature, where tor clients bootstrap from a set of hard-coded long-lived
directory mirrors. This makes bootstrap more reliable, and makes it
harder to block tor. The wiki has an entry with more details. [0]

We're currently trying to finalise a list of around 100 fallback
directory mirrors by the time tor 0.2.8-stable is released. [1]

Thanks for the heads up on this. It sounds like an excellent feature.

Is there any randomization to the selection of which mirror to use?

The fallback directory mirrors are randomly selected based on a hard-coded weight. This weight is based on their consensus weight at the time the list of mirrors was created. (We exclude low-weight mirrors, and reduce the weights of some high-weight mirrors so they don't see too many client requests.)

Any events or info notice when the fallback is being used?

The fallbacks are used for the initial consensus download, and a connection is tried as soon as tor starts up. So they're always being used.

The standard tor bootstrap events are issued to any controllers during bootstrap, regardless of whether the initial consensus is downloaded from an authority or a fallback.

The info-level logs look something like this:
Mar 23 10:40:13.000 [info] update_consensus_bootstrap_attempt_downloads: Launching microdesc bootstrap mirror networkstatus consensus download.
Mar 23 10:40:13.000 [info] directory_pick_generic_dirserver: No router found for consensus network-status fetch; falling back to dirserver list.
Mar 23 10:40:13.000 [info] connection_ap_make_link: Making internal direct tunnel to [scrubbed]:80 ...
Mar 23 10:40:13.000 [info] connection_ap_make_link: ... application connection created and linked.
Mar 23 10:40:13.000 [info] directory_send_command: Downloading consensus from 78.47.18.110 using /tor/status-vote/current/consensus-microdesc/0232AF+14C131+23D15D+49015F+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z
Mar 23 10:40:13.000 [info] onion_pick_cpath_exit: Using requested exit node '$F8D27B163B9247B232A2EEE68DD8B698695C28DE~F8D27B163B9247B232A at 78.47.18.110'
Mar 23 10:40:13.000 [info] circuit_handle_first_hop: Next router is [scrubbed]: Not connected. Connecting.
Mar 23 10:40:13.000 [notice] Bootstrapped 5%: Connecting to directory server

78.47.18.110 (and the fingerprint) are a randomly-selected hard-coded fallback directory mirror IP addresses and fingerprint.

Tor will try several fallbacks, then try an authority.
It doesn't wait for the first connection to timeout before trying another fallback or authority.
It downloads the consensus from the first fallback or authority it can successfully connect to, and closes all the other connections.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F